Beyond the well-known RADIUS service, Cisco ISE includes a module for performing TACACS+ authentication, authorization and accounting. Take into account that TACACS+ operation consumes appliance resources that might be necessary for RADIUS purposes so, depending on the size…
Cisco
Following my previous ISE post on phone authentication using EAP-TLS, in this new post I’ll show you how to quickly configure the access points for 802.1x authC. This requires some specific configurations: They need to enable EAP-FAST as authentication…
In this post I’m gonna show you the steps for authenticating your IP phones using 802.1x and certificates. I encourage you to read the “IP Telephony for 802.1X Design Guide” beforehand for a better understanding. Let’s start with some background…
Hi folks, in this post I’m going to show you how to perform a clean install of the Firepower module on an ASA5506X. It is an easy task but takes some time to complete since the box is not…
One cool feature included in AMP4E is the capability of running IoC scans. Once you’ve rolled out the connector among the users’ computers you just need to upload the IoC files to your AMP4E dashboard and then choose whether…
Setting up AMP for endpoints is pretty straightforward, as most of the configuration is already in place and administrators just need to fine-tune those parameters that best fit their organizations. The configuration fundamentals are: Exclusions. Application Control Whitelisting.…
This post describes how to use EEM to monitor BGP changes and trigger automatic configurations to remediate failures. Cisco IOS Embedded Event Manager (EEM) is a powerful and flexible subsystem that provides real-time network event detection and on-board automation.…
After attending Cisco Live in Berlin I can only say that it’s been an amazing week. There are plenty of things to do. Sometimes you wish you were able to split yourself and attend multiple sessions at the same…
Understanding COR lists: In this post I’ll show you how to restrict extensions on CME from placing calls to disallowed numbers. CME has a great tool called Class Of Restriction (COR) which…
There is an easy way to get the plain text password from an encrypted one. We just need the router itself. For example, create a username with its corresponding encrypted password: C891(config)#username ipstorming password oops! C891(config)#do sh run |…
Do you need to ensure that you have an updated backup of your network devices? Backup tasks are easily forgotten, so manual backups are not the best idea. As always, we should configure automated copy tasks in order to make…
Months ago, Cisco started an organizational change in its Academy program. It is called the “Academy Evolution”. With this new model, Cisco seeks high quality academies and an improved student experience. Regarding the academies, the most important change is…
In large networks, DHCP Servers are located on remote subnets, sometimes far from where the clients requesting the IP are located. In these cases, relay agents are needed to carry the DHCP Discover packets sourced from clients to the data center where the…
Configuring a DHCP Server on a Cisco router is a very common task in SOHO environments. In small companies with a small number of hosts, there is no need for a separate DHCP Server, taking advantage of the DHCP Service available…
A common issue we can find when doing summarization in EIGRP is the loss of the optimum path towards a remote network. This is due to the fact that EIGRP suppresses the most specific subnets, that is, those network…
Nowadays, with the arrival of converged networks where data, voice and video go through IP, the use of backup internet connections is mandatory for business continuity. Depending on where we want to deploy this high availability, we have several options, if our company is large…
If our network is running RIP we have several options for route filtering. As always, we can play with various parameters in order to get the desired target: delete those unnecessary routes from the routing table. For this example…
The first step before playing with the topology is setting up the router acting as frame relay switch. This is a very straightforward process, so I will show you how to do it in a few minutes. If you…
Because one of the main purposes of this blog is to present and explain network protocols, I decided to create a new topology as a base topology for the following posts. Although I use the INE topology for my…